Today > | 2 High | 5 Medium | 4 Low vulnerabilities   -   You can now download lists of IOCs here!

Profiling and Detecting Malicious DNS Traffic

Aug. 21, 2024, 1:29 p.m.

Description

To improve our detection of suspicious network activity, we developed a deep learning method to profile and detect malicious DNS traffic patterns. Based on these DNS profiles, we implemented multiple detection modules designed to identify suspicious domains from different perspectives. We explored how these DNS traffic patterns correlate with specific types of cyberattacks through various case studies. Our detector captured 170 emerging suspicious domains in May 2024, blocking approximately 374,000 malicious DNS requests every day.

Date

Published: Aug. 21, 2024, 1:07 p.m.

Created: Aug. 21, 2024, 1:07 p.m.

Modified: Aug. 21, 2024, 1:29 p.m.

Indicators

carollewis.network

pococo.cc

robotatten.com

comcadt.net

biillpi.com

Attack Patterns

T1206

T1610

T1081

T1048

T1556

T1008

T1608

T1137

T1583

T1572

T1087

T1573

T1489

T1083

T1210

T1053